DETAILED ACTION

1. Claims 1-30 are presented for examination. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 12-16 are rejected under 35 U.S.C. 102(e) as being anticipated by Cohen et al.
(Cohen, Patent No.: US 6,178,511 B1).

As per claim 12, Cohen teaches an electronic device in communication with a network, a method 
for a user to access a plurality of resources having different authorization requirements, the 
method comprising: 

said network storing a plurality of user identifiers with said plurality of 
resources (Cohen Col. 5 lines 16-58); 

said user accessing said network via a user electronic device (Cohen Fig. 1, and col. 4 
lines 9-21); 

said user providing identifying data to said network (Cohen Col. 6 lines 19-37); 

said network retrieving a unique user identifier for said user in a repository of
unique user identifiers (Cohen Col. 6 lines 19-col. 7 lines 20, col. 2 lines 33-41 and col. 5 lines
16-44);

said network storing said unique user identifier on a storage device, said unique 
user identifier indicating said user is authenticated (Cohen Col. 2 lines 33-4, and col. 2 lines 60- 
col. 7 lines 7); 

said user accessing one of said plurality of resources, wherein said unique user 
identifier is transmitted to said one of said plurality of resources to identify said user 
such that said user can access authorized resources without providing additional 
identifying information (Cohen Col. 2 lines 33-41, and abstract) and said user is denied access to 
unauthorized resources (Cohen Col. 10 lines 18-38). 

As per claim 13, Cohen teaches the method, further comprising said unique user identifier
providing a key to retrieve an authorization datum associated with one of said plurality of user 
identifiers matching said unique user identifier from one of said plurality of resources (Cohen 
Col. 6 lines 19-59). 

As per claim 14, Cohen teaches the method, wherein prior to said step of storing said plurality of 
user identifiers, said method further comprising the steps of: 

said user registering with said network (Cohen Col. 5 lines 16-58); 

said network generating said unique user identifier for said user (Cohen Col. 5 lines 16- 
58); and 

said network inserting said unique user identifier in at least one of said plurality
of user identifiers (Cohen Col. 5 lines 16-58).

As per claim 15, Cohen teaches the method, wherein said proving step comprises said user 
supplying at least one of a login name, a password, and a digital certificate (Cohen Col. 5 lines 
45-53; a user supplying a password and ID). 

As per claim 16, Cohen teaches the method, wherein prior to said storing said unique user 
identifier step, said method further comprising said user providing credentials (Cohen Col. 5 
lines 45-53; a user supplying a password and ID, target name, and user preferences). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1-4, 6-11, and 18-30 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Cohen et al. (Cohen, Patent No.: US 6,178,511 B1) in view of Weissman (Pub. No.: US
2002/0161901 A1).

As per claim 1, Cohen teaches in an electronic device in communication with a network, a
method for authenticating and authorizing a user (Cohen Abstract), comprising the steps of:

receiving a user request from a user electronic device (Cohen Col. 6 lines 60-col. 7 lines
20, and fig. 1 No. 20 and No. 14, 16, & 18; the server (20) receiving a user request from device
(14));

determining an identity of said user (Cohen Col. 6 lines 19-col. 7 lines 20), wherein said
step of determining further comprises the steps of:

searching for information relating to said user in a repository of user information,
said searching based at least partially on said user request and a
login identity supplied by said user (Cohen Col. 6 lines 19-col. 7 lines 20, and col. 5 lines
16-44, the server searches the database according to the user's request to sign-on a user to
various target systems);

retrieving a user identifier representing said user upon locating said
information of said user (Cohen Col. 6 lines 19-col. 7 lines 20, col. 2 lines 33-41 and col.
5 lines 16-44); and

receiving an authorization datum associated with said user, based at least
partially on said user identifier, from said resource (Cohen Abstract, and col. 2 lines 33-41;
a target resource in a distributed computer enterprise is accessed by an authorized user);

Cohen does not explicitly teach:

storing at least said user identifier in a data packet; and 
sending said data packet to a storage device such that said data packet is 
transmittable to electronic devices in communication with said network when 
said user attempts to access a resource within said network; 

However Weissman discloses a single logon system for logging onto multiple server
computers by storing at least said user identifier in a data packet (Weissman Claim 1, claim 15,
and claim 28);

sending said data packet to a storage device such that said data packet is 
transmittable to electronic devices in communication with said network when 
said user attempts to access a resource within said network (Weissman Page 6 par. 0032, 
and page 7 par. 0036); 

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to employ the teachings of Weissman within the system of Cohen 
because it would allow to automatically logon a user to multiple web sites or resources without 
signing more than one time (using single logon) (Weissman Page 3 par. 0022). 

As per claim 18, Cohen teaches a method implemented by at least one electronic device for 
authentication and authorization using a user identifier to retrieve user data, the method 
comprising the steps of: 

accessing a repository containing a plurality of user identifiers (Cohen Col. 6 lines 19-37);

retrieving said user identifier from said repository, said user identifier being unique to a 
user (Cohen Col. 6 lines 19-45); and 

Cohen does not explicitly teach: 

storing said user identifier in a data packet readable by an electronic device; 
transmitting said data packet to a storage device coupled to said electronic 
device; and

making said data packet available to a resource configured within an enterprise 
network to authorize said user. 

However Weissman discloses a single logon system for logging onto multiple 
server computers by storing said user identifier in a data packet readable by an electronic device 
(Weissman Claim 1, claim 15, and claim 28); 

transmitting said data packet to a storage device coupled to said electronic device 
(Weissman Page 6 par. 0032, and page 7 par. 0036); and 

making said data packet available to a resource configured within an enterprise 
network to authorize said user (Weissman Page 6 par. 0032, page 7 par. 0036, and abstract). 

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to employ the teachings of Weissman within the system of Cohen 
because it would allow to automatically logon a user to multiple web sites or resources without 
signing more than one time (using single logon) (Weissman Page 3 par. 0022). 

As per claim 23, Cohen teaches a network of electronic devices suitable for implementing a 
method for authentication and authorization using a user identifier to retrieve user data, said 
network of electronic devices comprising: 

a repository containing a plurality of user identifiers, each user identifier being 
unique to a user and said repository being in communication with said network (Cohen Col. 5 
lines 16-40, col. 6 lines 19-37, and Col. 9 lines 47-67); 

a first software tool suitable for receiving user login information, accessing said 
repository, locating a user identifier relating to said user (Cohen Col. 6 lines 19-45),

a user electronic device suitable for communication with said network (Cohen Fig. 1, and
Col. 4 lines 9-21); and

Cohen does not explicitly teach: 

transmitting any such user identifier to an electronic storage device suitable for storing 
said user identifier in a data packet for transmission to resources within said network; and 

a second software tool suitable for receiving said data packet and locating 
authorization datum of said user. 

However Weissman discloses a single logon system for logging onto multiple server 
computers by transmitting any such user identifier to an electronic storage device suitable for 
storing said user identifier in a data packet for transmission to resources within said network 
(Weissman Page 6 par. 0032, claim 3, and page 7 par. 0036); and 

a second software tool suitable for receiving said data packet and locating 
authorization datum of said user (Weissman Page 6 par. 0032, fig. 3 No. 310, and page 7 par. 
0036). 

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to employ the teachings of Weissman within the system of Cohen 
because it would allow to automatically logon a user to multiple web sites or resources without 
signing more than one time (using single logon) (Weissman Page 3 par. 0022). 

As per claim 28, Cohen teaches a computer readable medium containing a software program for
executing a method for authenticating and authorizing a user, said method comprising the steps
of:

receiving a user request from a user electronic device (Cohen Col. 6 lines 60-col. 7 lines
20, and fig. 1 No. 20 and No. 14, 16, & 18; the server (20) receiving a user request from device (14));

determining an identity of said user (Cohen Col. 6 lines 19-45), wherein said step of 
determining further comprises the steps of: 

searching for information of said user in an authentication database (Cohen Col. 6 lines 
19-col. 7 lines 20, and col. 5 lines 16-44, the server searches the database according to the user's 
request to sign-on a user to various target systems); 

locating said user credential in reference to said user in said 
authentication database (Cohen Col. 6 lines 19-col. 7 lines 20, and col. 5 lines 16-44); 

retrieving a universal identifier representing said user upon locating said
user credential in reference to said user (Cohen Col. 6 lines 19-col. 7 lines 20, col. 2 lines
33-41 and col. 5 lines 16-44);

Cohen does not explicitly teach: 

packaging at least said universal identifier in a data packet; and 
transmitting said data packet to a user electronic device such that said 
data packet is transmittable to electronic devices in communication with a 
network when said user attempts to access a resource within said network such 
that said user can access authorized resources without providing additional identifying 
information. 

However Weissman discloses a single logon system for logging onto multiple server
computers by packaging at least said universal identifier in a data packet (Weissman Page 6 par. 
0032, claim 3, and page 7 par. 0036); and 

transmitting said data packet to a user electronic device such that said 
data packet is transmittable to electronic devices in communication with a 
network when said user attempts to access a resource within said network such 
that said user can access authorized resources without providing additional identifying 
information (Weissman Page 6 par. 0032, fig. 3 No. 310, and page 7 par. 0036). 

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to employ the teachings of Weissman within the system of Cohen 
because it would allow to automatically logon a user to multiple web sites or resources without 
signing more than one time (using single logon) (Weissman Page 3 par. 0022). 

As per claim 2, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, wherein said receiving step comprises said user providing a 
login name to said network (Cohen Col. 5 lines 45-58, and col. 2 lines 33-41). 

As per claim 3, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, wherein prior to said searching step, said method further 
comprising the steps of: 

registering said user with said network (Cohen Col. 5 lines 16-58); 

generating said user identifier relating to said user (Cohen Col. 5 lines 16-58); 



Application/Control Number: 09/972,226 Page 11

Art Unit: 2136 

inserting said user identifier in said repository of user information (Cohen Col. 5 lines 16- 
58); and 

populating a plurality of repositories containing authorization data with said user 
identifier (Cohen Col. 5 lines 16-col. 6 lines 45). 

As per claim 4, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, further comprising the step of said user providing a security 
identity (Cohen Col. 6 lines 19-37). 

As per claim 6, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, wherein said determining step further comprises indicating a 
result to said user regarding permitted access to said network (Cohen Col. 6 lines 8-37, and col. 
10 lines 15-38). 

As per claim 7, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, wherein said determining step further comprises requesting a 
user credential of said user (Cohen Col. 6 lines 8-37). 

As per claim 8, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the method, wherein said sending step further comprises sending said
data packet to a user electronic device supporting said storage device (Weissman Page 6 par.
0032, fig. 3 No. 310, and page 7 par. 0036; data structure is sent to user's web). The rationale for
combining is the same as claim 1 above.

As per claim 9, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the method, further comprising the step of storing information in
addition to said user identifier in said data packet (Weissman Page 6 par. 0032, fig. 3 No. 310,
and page 7 par. 0036; the user computer receives the cookies and stores the cookies on the user's
computer). The rationale for combining is the same as claim 1 above.

As per claim 10, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the method, wherein said sending step comprises transmitting a
cookie to said user electronic device enabling an identity of said user to be automatically
recognized when said cookie is transmitted to said resource within said network (Weissman Page
6 par. 0032, fig. 3 No. 310, and page 7 par. 0036; the user computer receives the cookies and
stores the cookies on the user's computer to be automatically recognized). The rationale for
combining is the same as claim 1 above.

As per claim 11, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, further comprising the step of encrypting said data packet 
(Cohen Col. 6 lines 19-37). 

As per claim 19, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the method, wherein said step of storing comprises packaging said
user identifier in a cookie suitable for storage on at least one of a user electronic device and a
user proxy electronic device (Weissman Page 6 par. 0032, fig. 3 No. 310, and page 7 par. 0036;
the user computer receives the cookies and stores the cookies on the user's computer to be
automatically recognized). The rationale for combining is the same as claim 1 above.

As per claim 20, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, further comprising the step of a software program employed 
to access a network reading said storage device (Cohen Col. 5 lines 16-col. 46). 

As per claim 21, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the method, further comprising the step of a web browser employed
to access a network reading said storage device (Weissman Page 7 par. 0036). The rationale for
combining is the same as claim 18 above.

As per claim 22, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the method, further comprising the steps of: 
delivering said data packet to said resource configured within said enterprise 
network; 

extracting said user identifier from said data packet (Cohen Col. 6 lines 19-45); 

accessing a repository containing a plurality of user entitlement data (Cohen Col. 5 lines
16-col.6 lines 45); and

retrieving a user-specific entitlement from said repository containing said 
plurality of user entitlement data using said user identifier to locate said user-specific 
entitlement (Cohen Col. 5 lines 16-col.6 lines 45; user is authenticated and entitlement is 
retrieved to the resource and access to the resource is allowed). 

As per claim 24, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the network of electronic devices, wherein said electronic storage device 
is readable by a software program suitable for accessing said network (Cohen Col. 3 lines 60-col. 
4 lines 21). 

As per claim 25, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the network of electronic devices, wherein said software program is a 
web browser (Weissman Page 7 par. 0036, and abstract). 

As per claim 26, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the network of electronic devices, wherein said electronic storage device 
is a resource configured within said network (Cohen Abstract; target resources). 

As per claim 27, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the network of electronic devices, further comprising a repository
containing authorization data, said repository accessible using said user
identifier as a key to retrieve a user-specific entitlement associated with said user (Cohen Col. 5
lines 16-col. 6 lines 37).

As per claim 29, both Cohen and Weissman teach all the subject matter as described above. In
addition Cohen teaches the computer readable medium, wherein the method executed by the 
software program further comprises the steps of: 

transmitting said data packet to said resource within said network; 

accessing a repository containing a plurality of user identifiers using said 
universal identifier in a search operation; and 

retrieving a user-specific entitlement from said repository containing a plurality 
of user identifiers, said user-specific entitlement associated with said universal identifier. 

As per claim 30, both Cohen and Weissman teach all the subject matter as described above. In
addition Weissman teaches the computer readable medium, wherein the method executed by the
software program further comprises the step of requesting a user credential (Weissman Page 6
par. 0032, and page 7 par. 0036). The rationale for combining is the same as claim 28 above.

6. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al.
(Cohen, Patent No.: US 6,178,511 B1) in view of Weissman (Pub. No.: US 2002/0161901 A1),
and in further view of Thompson et al. (Thompson, Pub. No.: US 2002/0022483 A1).

As per claim 5, both Cohen and Weissman teach all the subject matter as described above.
Cohen and Weissman do not explicitly teach a digital certificate.

However Thompson teaches a single sign-on technology based on digital certificate 
(Thompson Page 4 par. 0052) that reads on the method, further comprising the step of said user 
providing a digital certificate. 

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to employ the teachings of Thompson within the combination system of 
Cohen and Weissman because it would allow an accurate and efficient control of access to the 
data and computing resources of an enterprise. 

7. Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al.
(Cohen, Patent No.: US 6,178,511 B1) in view of Thompson et al. (Thompson, Pub. No.: US
2002/0022483 A1).

As per claim 17, Cohen teaches all the subject matter as described above. Cohen does not 
explicitly teach a digital certificate. 

However Thompson teaches a single sign-on technology based on digital certificate
(Thompson Page 4 par. 0052) that reads on the method, wherein prior to said storing said unique 
user identifier step, said method further comprising said user providing a digital certificate. 

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to employ the teachings of Thompson within the system of Cohen 
because it would allow an accurate and efficient control of access to the data and computing 
resources of an enterprise. 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A Shiferaw whose telephone number is 571-272-3867. The 
examiner can normally be reached on Mon-Fri 8:00am-5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 